<?php
	include_once('dbcon.php');
	include_once('error_log_db.php');

	function checkValues($value) {
		 // Use this function on all those values where you want to check for both sql injection and cross site scripting
		 //Trim the value
		 $value = trim($value);
		 
		// Stripslashes
		if (get_magic_quotes_gpc()) {
			$value = stripslashes($value);
		}
		
		 // Convert all &lt;, &gt; etc. to normal html and then strip these
		 $value = strtr($value,array_flip(get_html_translation_table(HTML_ENTITIES)));
		
		 // Strip HTML Tags
		 $value = strip_tags($value);
		
		// Quote the value
		$value = mysql_real_escape_string($value);
		$value = htmlspecialchars ($value);
		return $value;
	}

	function updateUser($user_id, $first_name, $last_name, $user_agent) {
		global $mysqli;

		$mysqli->query("INSERT INTO users (user_id, first_name, last_name, points, user_agent, hide_at_ranking, last_activity) VALUES('".$user_id."','".$first_name."','".$last_name."','0','".$user_agent."', '0', '".date('Y-m-d H:i:s')."') ON DUPLICATE KEY UPDATE last_activity='".date('Y-m-d H:i:s')."', user_agent='".$user_agent."'");
		logIfError($mysqli, $user_id, "update_user_db", "updateUser", "1");
	}

	if(isset($_REQUEST['user_id']) && isset($_REQUEST['first_name']) && isset($_REQUEST['last_name']) && isset($_REQUEST['user_agent'])) {
		updateUser($_REQUEST['user_id'], $_REQUEST['first_name'], $_REQUEST['last_name'], $_REQUEST['user_agent']);
	}      
?>
